DHCP Scope: Full of BAD_ADDRESS Entries
Feb 05

KB ID 0001651. Problem: I had a client machine struggling to get a DHCP address, and when I looked in DHCP, the scope was full of this: BAD_ADDRESS, This address Is Already in Use. Solution: A tour of Google and forums is full of posts by people with this problem, and other than, ‘Oh I looked in the logs and fixed it’ (with no mention of what log, or where this log was), or ‘Yeah I used Wireshark and located a problem...

AnyConnect: Enable Duo 2Factor Authentication
Feb 04

KB ID 0001650. Problem: I was asked if I’d ever set this up the other week. Surprisingly, I had not; I’d deployed Duo for other things, but not for Cisco AnyConnect. As I had some other ‘Duo’ related tasks coming up, I was deploying it on the test bench, so adding in my Cisco ASA and AnyConnect wasn’t much more work! Here’s my topology: My ASA is running version 9.1. My Duo Authentication Proxy is...

AnyConnect Error: Unable To Verify IP Forwarding Table Modifications
Jan 30

KB ID 0001646. Problem: While attempting to connect to a client’s AnyConnect, this happened: ‘The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established.’ Or on older clients, you may see: ‘The VPN client was unable to modify the IP forwarding table. A VPN connection will not be established. Please restart your computer or device, then try again.’ Solution: I was trying to...

Get Ready for LDAPS Channel Binding
Jan 28

KB ID 0001645. Problem: I wrote about Enabling LDAPS a long time ago, but it’s a subject that’s about to become important again, so I’ll revisit it. Microsoft are about to ‘enforce’ LDAPS authentication against their domain controllers, in the March 2020 round of updates. Now delayed until second half of 2020. What does that mean? Well, lookups against LDAP will now need to be secure, (i.e....

Cisco Catalyst Upgrading 2900, 5500 and 3700 Stacks
Dec 23

KB ID 0001630. Problem: People are often nervous about doing this. I’m not sure why, because Cisco have made it painfully simple now. That’s because instead of the old /bin files we used to use, you can now upgrade a switch (or a switch stack) using a .tar file with one command, (and it will also upgrade all the stack members and the firmware on any other network modules you have in the switches at the same time). Yes it does...

Add a Static (One to One) NAT Translation to a Cisco ASA 5500 Firewall
Nov 17

KB ID 0000691. Problem: If you have a spare/available public IP address, you can statically map that IP address to one of your network hosts, (i.e. for a mail server, or a web server, that needs public access). This is commonly referred to as a ‘Static NAT’, or a ‘One to One translation’, where all traffic destined for public address A is sent to private address X. Note: This solution is for firewalls running...
